Set Up DNS Layer Security

To start protecting your users and devices, enable Umbrella DNS-layer security. DNS-layer security is the most effective way to protect your users everywhere in minutes. You can protect your networks and devices with DNS-layer security through the DNS policy.

Step 1: Add a Network Identity

  1. Log in to Umbrella.
  2. Add a Network identity.

An identity is an entity that Umbrella protects through policies and monitors through reports. For more information, see Add a Network Identity.

Step 2: Configure Your DNS Settings

To enable Umbrella DNS-layer security, you must point the DNS settings of your operating system, hardware firewall, or router to the IP addresses of Umbrella's domain name servers. You must also turn off the automatic DNS servers provided by your internet service provider (ISP); any ISP resolver left in the configuration can answer queries without Umbrella seeing them. Umbrella supports both IPv4 and IPv6 addresses. For more information, see Point Your DNS to Cisco Umbrella.
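One way to check a Linux host for the condition described above, ISP resolvers left enabled beside Umbrella's, is to audit the nameserver entries in resolv.conf. This is an added example, not part of the Umbrella documentation; the resolver addresses are an assumption to confirm against Point Your DNS to Cisco Umbrella, and the function names and sample files are constructed for illustration.

```python
import ipaddress

# Assumption: Umbrella's public anycast resolver addresses. Confirm them
# against "Point Your DNS to Cisco Umbrella" before relying on this list.
UMBRELLA_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220", "2620:119:35::35", "2620:119:53::53")}

# Constructed samples; 192.0.2.53 stands in for an ISP-assigned resolver.
SAMPLE_MIXED = """\
# written by DHCP client
nameserver 208.67.222.222
nameserver 192.0.2.53
nameserver 2620:0119:0035:0000:0000:0000:0000:0035
options timeout:2
"""
SAMPLE_CLEAN = "nameserver 208.67.220.220\nnameserver 2620:119:53::53\n"


def audit_resolv_conf(text):
    """Split the nameserver entries of resolv.conf text into
    (umbrella, other, invalid) lists of address strings."""
    umbrella, other, invalid = [], [], []
    for raw in text.splitlines():
        fields = raw.strip().split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, options, search domains, blank lines
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) before parsing.
            ip = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            invalid.append(fields[1])
            continue
        (umbrella if ip in UMBRELLA_RESOLVERS else other).append(str(ip))
    return umbrella, other, invalid


def is_umbrella_only(text):
    """True when at least one resolver is configured and all are Umbrella's."""
    umbrella, other, invalid = audit_resolv_conf(text)
    return bool(umbrella) and not other and not invalid


if __name__ == "__main__":
    for name, sample in (("mixed", SAMPLE_MIXED), ("clean", SAMPLE_CLEAN)):
        print(name, audit_resolv_conf(sample), is_umbrella_only(sample))
```

A local stub resolver such as 127.0.0.53, or the address of an Umbrella Virtual Appliance, is reported under "other"; on those hosts audit the upstream resolver configuration instead.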

After you complete Steps 1 and 2, all users and devices on your network are protected. For additional visibility and control, per-user or per-IP policy, or internal IP address logging, continue to Step 3. Otherwise, you can skip to Step 4: Add a DNS Policy.

Step 3: Set Up Clients and Virtual Appliances (Optional)

Set up a roaming computer, mobile device, Chromebook, or Virtual Appliance.

Set Up an Umbrella Roaming Client or AnyConnect Roaming Security Module

Umbrella offers two endpoint agents for Windows and macOS: AnyConnect Roaming Security Module and Umbrella Roaming Client. You can use either endpoint agent on-network for enhanced visibility and control, and seamless policy that follows the user. We recommend the AnyConnect Roaming Security Module.

Most Umbrella subscriptions include the AnyConnect Roaming Security Module. The AnyConnect Roaming Security Module does not require the use of a Cisco VPN, and it is highly compatible with third-party VPNs. For more information, see The AnyConnect Plugin: Umbrella Roaming Security.

Set Up an Umbrella Mobile Client App

Set Up a Chromebook Client

Umbrella provides DNS-layer security protection for Chromebook users on and off network through the Umbrella Chromebook client. For more information, see Chromebook Client User Guide.

Set Up a Virtual Appliance

An Umbrella virtual appliance (VA) is a lightweight virtual machine that is compatible with VMware ESX/ESXi, Windows Hyper-V, Nutanix, and KVM hypervisors. You can use the Umbrella VA with the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms.

Use the Umbrella Virtual Appliance to:

  • Serve as a conditional DNS forwarder
  • Enable Active Directory (AD) integration

For more information, see Virtual Appliance User Guide.

Step 4: Add a DNS Policy

Add a DNS policy and enable an identity in the DNS policy. For more information, see Manage Policies.

Step 5: Test Your DNS Policies

You can evaluate the configuration of your DNS-layer security and Umbrella DNS policies. To get started, run the DNS policy tester, load an Umbrella test URL in a browser, or view the reports for the identities in your system.

Test Policies:

Test Destinations:

View Reports and Monitor Your Identities and Traffic:

You can view the traffic from your identities, audit administrative changes in the system, and monitor potential threats in your networks through the Umbrella Admin Audit Log, Activity Search, and Security Activity reports. For newly added identities, the first report may take up to one hour to appear. After the initial delay, DNS queries appear in reports in a few seconds. For more information, see Get Started with Reports.

